Reports Expectations:
All reports/papers should have a cover page, an abstract, a table of contents that is automatically generated in Word, and an introduction, identifiable sections of your paper, and conclusion.
Since this is graduate level work, I expect a substantial amount of citations in your writing. Include appropriate reference citations for any content used in the body of your Project.
Review and Use American Psychological Association (APA) format for citations, Figure labels, and Tables, etc.
Label all screen shots using APA format (e.g. Figure 1 , FTK Evidence Processing) (e.g. Table 1 Budget Projections, etc. )
Please refer to the resource on writing graduate level papers which is part of the library resources.
All submissions have to be in Word so I can embed my feedback within the document - no pdf.
For re-submission, please work from the document in which my feedback was embedded, and please leave the feedback intact – that way I can tell where changes have been made to the re-submission.
Please adhere to expected paper length in your papers.
I ask that you read the project specifications carefully and identify what is required. For example, Project One requires that you develop the necessary steps to set up a forensics investigation plan. The plan should therefore include the following:
A brief abstract of what the paper is about
An introduction to the case at hand
A checklist description of safety steps an investigator would follow to ensure safety is addressed in the investigation
The Preliminary Work will discuss the Rules and Regulation, and Laws pertaining to your investigation. This could include key components such as chain of custody for evidence file examination, search warrant, subpoenas, jurisdictions, plain view doctrine, authority, etc…
A description of Preparation / Interview Questions by providing the forms you will use such as interview questions, chain of custody form.
A description of Investigation Resources including a check list of resources to be considered, tool & equipment, analysis of evidence types and contingencies
A description of Management Plan when you discuss your proposed methodology. This methodology would include at least the discussion of collection, examination, analysis, and reporting.
The methodology will:
help avoid general legal liability and avoid liability to third parties interested in the investigation, e.g., intellectual property rights, etc. You also need to minimize the potential for becoming trapped in legal issues and include third parties with interest in the investigation.
Ensure the safety of the property and environments involved in the investigation.
Provide the evidence-handling procedures that are preserving the chain of custody, and are critical if law enforcement becomes involved.
The Management Plan should also describe the team structure, budget and timeline. Use Proper Budget Projection Table and Label (See APA format); Use Proper Timeline Table and Label (See ...
Reports ExpectationsAll reportspapers should have a cover page.docx
1. Reports Expectations:
All reports/papers should have a cover page, an abstract, a table
of contents that is automatically generated in Word, and an
introduction, identifiable sections of your paper, and
conclusion.
Since this is graduate level work, I expect a substantial amount
of citations in your writing. Include appropriate reference
citations for any content used in the body of your Project.
Review and Use American Psychological Association (APA)
format for citations, Figure labels, and Tables, etc.
Label all screen shots using APA format (e.g. Figure 1 , FTK
Evidence Processing) (e.g. Table 1 Budget Projections, etc. )
Please refer to the resource on writing graduate level papers
which is part of the library resources.
All submissions have to be in Word so I can embed my feedback
within the document - no pdf.
For re-submission, please work from the document in which my
feedback was embedded, and please leave the feedback intact –
that way I can tell where changes have been made to the re-
submission.
Please adhere to expected paper length in your papers.
I ask that you read the project specifications carefully and
identify what is required. For example, Project One requires
that you develop the necessary steps to set up a forensics
investigation plan. The plan should therefore include the
following:
A brief abstract of what the paper is about
An introduction to the case at hand
A checklist description of safety steps an investigator would
follow to ensure safety is addressed in the investigation
The Preliminary Work will discuss the Rules and Regulation,
and Laws pertaining to your investigation. This could include
key components such as chain of custody for evidence file
examination, search warrant, subpoenas, jurisdictions, plain
2. view doctrine, authority, etc…
A description of Preparation / Interview Questions by providing
the forms you will use such as interview questions, chain of
custody form.
A description of Investigation Resources including a check list
of resources to be considered, tool & equipment, analysis of
evidence types and contingencies
A description of Management Plan when you discuss your
proposed methodology. This methodology would include at least
the discussion of collection, examination, analysis, and
reporting.
The methodology will:
help avoid general legal liability and avoid liability to third
parties interested in the investigation, e.g., intellectual property
rights, etc. You also need to minimize the potential for
becoming trapped in legal issues and include third parties with
interest in the investigation.
Ensure the safety of the property and environments involved in
the investigation.
Provide the evidence-handling procedures that are preserving
the chain of custody, and are critical if law enforcement
becomes involved.
The Management Plan should also describe the team structure,
budget and timeline. Use Proper Budget Projection Table and
Label (See APA format); Use Proper Timeline Table and Label
(See APA format)
Use APA format for references and citations.
To help you jump start your Project 1, here is an example of
how to navigate a Project and the expectations.
Please read through the scenario, click on hyperlinks where you
want more information, and complete the tasks, which include:
1) to create an interview form to record questions, keywords,
and authorization information, and
2) to designate the legal forms that will be needed in this case.
Please remember, the scenario sets the scene of a real world
situation common to what a Digital Forensic Investigator will
3. see – please do not take scenario items literally. For instance,
in Step 1 it is common to use search warrants and police reports
at a crime scene, that doesn’t mean there are actual warrants
and reports here.
The forms that you complete as part of Step 1 will be included
in your “Investigation Project Plan”-- the final assignment for
this project. So, Step 1 asks you to create an interview form as
well as identify legal forms (like search warrants) that are
typically included in cases such as the described scenario.
Step 2 is asking you to develop a simple checklist.
Step 3 is to develop an investigation plan, which includes the
elements listed. Here, do not ‘over think’ the assignment; read
the description, review linked information, and complete the
tasks as described. The final step is to synthesize the previous
3 steps into a single deliverable that is cohesive. The
competencies are listed here as a guide—note the reference to
‘best practices’ in digital forensics. If you Google “best
practices in digital forensics” you just may find some common
topics that are part of a digital forensic professional’s plan for
investigating a crime / incident scene.
Project 1: Investigation Considerations
Transcript:
“What is it with these detectives? They think they can just dum
p stuff on our desks and expect us to make heads or tails of it!”
“I’ll need a lot more information than this before I can process t
hese computers!”
“Let’s see...is that everybody? I need to get this meeting on fol
ks’ calendars
right away, so I can start my investigation. While I’m waiting,
I’ll draw up an agenda and a list of questions that need to be ans
wered.”
“OK, that’s a good start! I’m sure other topics will come up duri
ng the meeting.”
“That meeting was a big help! Now I can create a list of resourc
4. es that I’ll need for the investigation. Let’s see…..”
“The team is also going to want to know what to expect as far a
s timeline, budget, responsibilities, and so on. A project manag
ement diagram should help. I’ll sketch it out now and get it to t
hem A.S.A.P. so we can get started!”
A digital forensic investigation process can involve many steps
and procedures. The objective is to obtain unbiased information
in a verifiable manner using accepted forensic practices. In this
project you will perform some of the steps necessary for setting
up an investigation. These steps include designing interview
questions that establish the needs of the case and focus your
investigative efforts. You will also determine what resources
may be needed to conduct the investigation. Once you have this
information, you will be able to develop an investigation plan
that properly sequences activities and processes allowing you to
develop time estimates and contingency plans should you
encounter challenges in the investigation.
This particular situation involves two computers and a thumb
drive. After clear authorization to proceed has been obtained,
one of the first investigative decision points is whether to
process the items of evidence individually or together.
Processing computers individually makes sense when they are
not likely tied to the same case. However, if the computers are
linked to the same case, there can be advantages in processing
them together.
There are four steps in this project. In Step 1, you will develop
interview protocols and identify documentation needs for a
forensic investigation. In Step 2, you will identify resources
needed for the investigation. In Step 3, you will develop a plan
for conducting the investigation, and in Step 4, you will
consolidate your efforts in the form of a single document to be
submitted to your supervisor (i.e., your instructor). The final
assignment in this project is a planning document with a title
page, table of contents, and distinct section for each of the three
steps in the project
Let’s get started! In Step 1 you use an interview template to
5. record questions, keywords, and authorization information, and
to complete the legal forms that will be needed in this case.
Before you can do that, you need to review your training in
criminal investigations.
Step 1: Complete Preliminary Work
In Step 1 you recall your training in criminal investigations, in
which you covered the laws governing chain of custody, search
warrants, subpoenas, jurisdiction, and the plain view doctrine.
You also review forensic laws and regulations that relate to
cybercrime, as well as rules of digital forensics in preparation
for your digital forensic investigation. Next, you read the police
report and perform a quick inventory of devices that are thought
to contain evidence of the crime. You have set up a meeting
with the lead detectives and the prosecutor handling the case.
You have received an official request for assistance which
provides you with authority to conduct the investigation. You
realize it will be impossible to produce a detailed investigation
project plan prior to your meeting with the detectives and the
prosecutor. First you need to develop a series of questions to
establish the key people and activities. These questions should
address potential criminal activity, timelines, and people who
need to be investigated.
It is also important to determine whether different aspects of the
case are being pursued by other investigators and to include
those investigators on your contact list. In addition, some
situations may involve organizations or individuals who need to
adhere to various types of industry compliance. This situation
may require you to follow special procedures.
Your tasks in Step 1 are to create an interview form to record
questions, keywords, and authorization information, and to
designate the legal forms that will be needed in this case. The
forms that you complete as part of Step 1 will be included in
your “Investigation Project Plan”-- the final assignment for this
project.
In Step 2 you will consider the types of resources needed for the
investigation.
6. Step 2: Determine What Is Needed for the Investigation
In Step 1 you developed the forms and templates needed to
collect the legal, criminal, and technical information that lays
the groundwork for your investigation. In Step 2, you consider
the types of resources needed to conduct the investigation. By
making these preparations, you are establishing forensic
readiness. Required resources can include people; tools and
technologies such as RAID disks, deployment kits, or imaging
programs; and budget and timeline information. Develop your
checklist. It will be included in your final "Investigation Project
Plan." In Step 3 you will prepare a plan for managing a digital
forensic investigation.
Step 3: Develop a Plan
In the prior step, you determined what resources would be
necessary for your investigation. In Step 3 you develop a plan
for managing the investigation. Reporting requirements reflect
the step-by-step rigidity of the criminal investigation process
itself. Being able to articulate time, task, money, and personnel
requirements is essential.
Project management is a skill set that is not often linked to
digital forensics and criminal investigations. That is unfortunate
because effective project management can have a dramatic
impact on the success and accuracy of an investigation.
Identifying the tasks that need to be performed, their sequence,
and their duration are important considerations, especially in
the face of "wild cards" such as delays in obtaining correct
search warrants and subpoenas. It is also important to have a
clear understanding of the goals for the investigation as you
will likely be called upon to present conclusions and opinions
of your findings.
Your project plan should include properly sequenced evidence
acquisition and investigation processes, time estimates, and
contingency plans. Your plan will serve many purposes
including the assignment of a project budget. As you create
your plan, be sure to include communications and reporting—
who should be involved, how the activities should be carried
7. out, how often, and under what circumstances (i.e., modality,
frequency).
Once you have developed your project management plan, move
on to Step 4 where you will submit your final assignment.
Step 4: Submit Completed Investigation Project Plan
For your final assignment, you will combine the results of the
previous three steps into a single planning document—an
"Investigation Project Plan"—with a title page, a table of
contents, and a distinct section for each of the three steps. The
Plan should include:
Forms documenting key people, key activities, timeline,
keywords, authorization (ownership, jurisdiction), and related
investigations. Designation of the Llegal forms required for
criminal investigations should also be included. (Step 1)
Resource list (Step 2)
Management plan (Step 3)
All sources of information must be appropriately referenced.
Submit your completed "Investigation Project Plan" to your
supervisor (your instructor) for evaluation upon completion.